
36
The DHIG governance process reduces risk for both individual projects and
for the broader organization, improving the likelihood success by ensuring
proper approvals and best practices are followed.
COPYRIGHT NOTICE
Brigham & Women’s Hospital. Rights Reserved. This work is distributed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0
License (“License”), which permits unrestricted sharing of this work, provided that: (1) it may not be used for commercial purpose s; (2) Adapted
Material may be prepared and shall be made freely avai lable under identical terms and condit ions of the License; and (3) attribution must be given
to Brigham & Women’s Hospital.
All terms and conditions of the Licen se are available her e:
https://creativeco mmons.org/licenses/by-nc-sa/4.0/leg alcode
*Listed assets may be available upon request. Please contact us at bwhihub.org or email ihub@partners.org for more information.
Rev 1.4 – May 15, 2017
Digital Health Innovation Guide (DHIG) Checklist
Business Associate Agreement
(BAA)
Agreement between the vendor and
subcontractors who will be performing a
service on behalf of the institution and will
have access to patient health information
(protected health information or “PHI”).
Brigham and Women’s Hospital
(BWH) standard BAA template*
Agreement between innovator and vendor
as to pilot scope. Used for contracting
purposes and must be signed off by supply
chain for a PO to be issued. Substantial
modifications or enhancements to develop
should consider a new SOW.
Partners HealthCare System
(PHS) standard SOW template*
Support for Product During
Pilot
It is the application owner's responsibility
to provide application support for all users.
Discuss with your client how you will
manage issues and turnaround time.
Terms and Conditions (T&C)
Review
T&C for patients and other users must be
approved by client's legal.
Marketing
& Public
Affairs
Reference Hospital in
Marketing/PR
Approval for any planned project PR must
be discussed with hospital in advance.
There can be limits on how to incorporate
hospital in marketing/PR.
Research or Quality
Improvement (QI) Submission
Pilots need to determine if an IRB review is
required for research purposes or if the
proposed activity is clinical quality
improvement/measurement, in which case
IRB review is not required. If a pilot is
research, then the IRB approval must be
complete prior to launch. This should also
be included in the SOW.
Clinical Quality Improvement
checklist*
Security review of the app to ensure that it
will be safe within hospital environment.
This is also where HIPAA compliance is
addressed.
BWH IS standard vendor
cybersecurity risk assessment
form*
A subcomponent of the risk assessment:
May include Veracode and Qualys scans,
depending on product design.
CHECKLIST-DRIVEN PROCESS
Pre-approved/customizable guardrails and
regular check-ins keep projects on track
CROSS-FUNCTIONAL GUIDANCE
Information Security, Partners eCare,
Compliance, IRB, Partners Innovation and
other teams
PROJECTS
REVIEWED
100+
AVERAGE TIME FROM
INTAKE TO PILOT
FOR PROJECTS WHICH ULTIMATELY
EXECUTED A PILOT
9
MONTHS
IMPACT TO DATE
Digital Health Innovation Guide (DHIG)